Oracle Spares Management
Monthly
Full product takeover of Oracle Spares Management (a module of Oracle E-Business Suite) is achievable by a low-privileged remote attacker over HTTPS, affecting supported versions 12.2.3 through 12.2.15. Oracle rates this 8.8 CVSS with high impact across confidentiality, integrity, and availability, and the vector indicates easy exploitation with no user interaction. There is no public exploit identified at time of analysis, and the CVE is not on CISA KEV.
Full product takeover of Oracle Spares Management (a module of Oracle E-Business Suite) is achievable by a low-privileged remote attacker over HTTPS, affecting supported versions 12.2.3 through 12.2.15. Oracle rates this 8.8 CVSS with high impact across confidentiality, integrity, and availability, and the vector indicates easy exploitation with no user interaction. There is no public exploit identified at time of analysis, and the CVE is not on CISA KEV.